[CLSA-2023:1676026057] Fix CVE(s): CVE-2023-0215, CVE-2023-0286

Type:

security

Severity:

Important

Release date:

2023-02-10 10:47:37 UTC

Description:

   * SECURITY UPDATE: Use-after-free following BIO_new_NDEF
     - debian/patches/CVE-2023-0215.patch: fix a UAF resulting from a bug
       in BIO_new_NDEF in crypto/asn1/bio_ndef.c
     - CVE-2023-0215
   * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
     - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for x400Address
       in crypto/x509/v3_genn.c
     - CVE-2023-0286

Updated packages:

libssl-dev_1.0.2g-1ubuntu4.21+tuxcare.els5_amd64.deb
sha:0a7c241e174644656b30a604f43ca01e0a2ee90f
libssl-doc_1.0.2g-1ubuntu4.21+tuxcare.els5_all.deb
sha:66d1065ba8f1b66a20efb157f8efff362f19eb36
libssl1.0.0_1.0.2g-1ubuntu4.21+tuxcare.els5_amd64.deb
sha:9e29d5bb214abc317963fa69a07013ba9ee8dc0e
openssl_1.0.2g-1ubuntu4.21+tuxcare.els5_amd64.deb
sha:8b0da3d05aafe80c819d7adeee4b415089c34239

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.